CVE-2006-1174

Description

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

How to fix CVE-2006-1174

To remediate CVE-2006-1174, upgrade the affected package to a fixed version below.

• Debian/shadow—upgrade to 1:4.0.15-10 or later

Is CVE-2006-1174 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:4.0.15-10

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-1174